[ofa-general] Allowing end-users to query for fabric information

[Mike Heinz]

Roland,

I've been thinking about this some more and I have to say I'm still a
bit confused. Are you saying that any root user on any node of the
fabric can change the routing tables? Isn't the ability to access and
alter subnet information controlled via the management key?


--
Michael Heinz
Principal Engineer, Qlogic Corporation
King of Prussia, Pennsylvania

-----Original Message-----
From: general-bounces at lists.openfabrics.org
[mailto:general-bounces at lists.openfabrics.org] On Behalf Of Mike Heinz
Sent: Monday, September 22, 2008 3:19 PM
To: Roland Dreier
Cc: general at lists.openfabrics.org
Subject: RE: [ofa-general] Allowing end-users to query for fabric
information

Thanks for the explanation. 


--
Michael Heinz
Principal Engineer, Qlogic Corporation
King of Prussia, Pennsylvania

-----Original Message-----
From: Roland Dreier [mailto:rdreier at cisco.com]
Sent: Monday, September 22, 2008 3:18 PM
To: Mike Heinz
Cc: general at lists.openfabrics.org
Subject: Re: [ofa-general] Allowing end-users to query for fabric
information

 > What was the reason for making this design choice? While I could  >
certainly provide boot scripts to change the permissions to  >
/dev/infiniband/umad*, I'd rather understand why the decision was made
> to restrict access.

because /dev/infiniband/umadX allows full unfiltered access to
send/receive any MADs.  Including changing routing tables, bringing
ports down, etc.  Not stuff that unprivileged users should be able to
do.

It would make sense to have a higher-level interface that only allows
safe queries without side effects, but that's quite a bit more work than
just changing permissions on device nodes.

 - R.
_______________________________________________
general mailing list
general at lists.openfabrics.org
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general

To unsubscribe, please visit
http://openib.org/mailman/listinfo/openib-general